GDPR and CCPA Compliance

Dale DeHart created the topic: GDPR and CCPA Compliance

We've noticed that many of our customers have not made adjustments to their websites to bring them into compliance with the EU's new General Data Protection Regulation (GDPR) and California's new Consumer Privacy Act (CCPA), the latter of which goes into effect at the beginning of 2020.
GDPR Compliance
Primarily affecting firms that do business in the EU
The law, having taken effect on 25 May 2018, is designed to regulate the storage and monitoring of user personal information, and applies primarily to the following:
1. Firms located within the EU
2. Firms not located in the EU, if they offer goods or services (free or paid) to EU residents or monitor the behavior of EU residents. More specifically:
   a. The firm markets its goods and services in a language generally used in an EU member state
   b. The firm lists prices in EU member state currencies, such as the Euro, British pound sterling, Swiss franc, etc.
   c. The firm cites EU customers or users
Most of our customers fall into category 2 above through the use of cookies, and we advise that all websites that are interested in doing business with the European Union become GDPR compliant to avoid legal complications and potential loss of business. Companies that deal directly with the EU will likely be wary of dealing in information with noncompliant companies due to possible legal issues.

At a minimum, we suggest:

Update your Privacy Policy and link it to the footer of every page of the website.

Convert the website to be served in SSL-encrypted format (HTTPS).

Convert any forms to confirm the submitter is over the age of 16.

Add an "Accept Privacy Policy" feature to all forms.

Minimize data collected in forms to only that required to provide the subject service.

Legal Disclaimer
Please note that the information presented here solely reflects the views of its editors and authors and should not be construed as legal advice, but as a notification of potential liabilities. We recommend our clients consult a legal expert if they have any questions about GDPR or concerns about the legality of their activities, then get back to us if they would like to implement GDPR compliance activities.